Validated Protection Profiles

The following Protection Profiles (PP) have been evaluated and certified in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the Common Criteria Recognition Arrangement (CCRA). The PPs on this list have been evaluated at accredited and licensed/approved evaluation facilities in the U.S. or in one of the other countries participating in the CCRA for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408).

Common Criteria certificates issued for PPs apply only to the specific versions and releases of those PPs and are valid only in conjunction with complete certification/validation reports.

U.S. Government Protection Profiles

With many profiles being developed by numerous organizations within NIST and NSA, it became apparent that Protection Profile (PP) efforts needed to be closely coordinated to facilitate representing a consistent strategic view to vendors and Government consumers. In Feb 2002, NIST and NSA outlined a PP Development Plan (PPDP), to provide PP authors with a process for the development and maintenance of U.S. Government PPs, and created the PP Review Board (PPRB) to identify and set forth frameworks of consistent security requirements relative to the appropriate robustness of the PPs. The set of consistent security requirements identified by the PPRB are recorded in a document referred to as a U.S. Government PP Consistency Instruction Manual (CIM). In October 2002, PP CIMs for Basic and Medium Robustness were posted on the NIAP website. The adherence to the PPDP together with conformance to the PP CIM of the appropriate robustness makes up the criteria for a U.S. Government PP. PPs written by US entities prior to October 2002 are recognized as U.S. Government Protection Profiles and may be referred to as such even though they do not have “US Government” in their PP title. All PPs that are submitted for NIAP approval after October 2002, and which followed the PPDP and meet the PPCIM criteria, will be labeled “U.S. Government Protection Profile.”

Sunset Date of PPs

1. All PPs will be reviewed periodically to determine if the requirements are still acceptable in the face of rapidly changing technology, increasing threat levels, and other conditions.
2. Sunset dates for PPs being replaced will be determined by the severity of changes and will be clearly posted next to the PP listing. All PPs with a sunset date will be marked with a sunset icon.
3. When a sunset date is reached, the PP will no longer be available for new Security Target compliance claims.
4. As soon as the sunset date is posted, vendors are encouraged to migrate to the requirements of the replacement PP.
5. Assurance Maintenance may continue against a PP until it reaches its sunset date.

Archived Protection Profiles (PPs)

PPs are reviewed periodically to determine if the security functional and assurance requirements are still acceptable in the face of rapidly changing technology and increasing threat levels. If it is determined that specific protection profiles no longer accurately map to existing technology and threat levels, these PPs will be retired and archived. PPs listed in the archived section of the NIAP CCEVS Validated Protection Profiles page are to be used for reference purposes only.

Click on a column header to change the sort order.